According to www.tradingview.com, Cloudsmith has raised $72 million in a Series C funding round aimed at securing the artificial intelligence software supply chain.
Funding and Strategic Focus
The investment underscores growing industry attention on the integrity and security of software artifacts used in AI development and deployment — a critical yet often overlooked layer of modern digital infrastructure. Unlike traditional hardware- or logistics-centric supply chain concerns, this initiative targets the upstream flow of code, packages, dependencies, and model weights that power AI systems. According to the report, the funding will accelerate Cloudsmith’s platform capabilities for artifact governance, provenance tracking, vulnerability scanning, and policy enforcement across CI/CD pipelines.
Industry Context and Practitioner Relevance
Software supply chain security has gained urgency following high-profile incidents such as the 2020 SolarWinds breach and the 2021 Log4j vulnerability — both of which exploited trusted open-source dependencies. In 2023, the U.S. National Institute of Standards and Technology (NIST) released its Secure Software Development Framework (SSDF), and the Cybersecurity and Infrastructure Security Agency (CISA) launched the Secure by Design initiative, urging vendors to harden software delivery processes. Meanwhile, major cloud providers — including Microsoft, Google, and AWS — have integrated software bill of materials (SBOM) generation and signing into their developer toolchains. For supply chain professionals, this signals a convergence: software artifacts are now first-class supply chain components requiring traceability, version control, access governance, and audit readiness — just like physical goods.
Practically, procurement and vendor risk teams must now assess not only a supplier’s operational resilience or compliance certifications but also their software artifact management practices — including whether they use signed, immutable registries; enforce dependency scanning; and maintain verifiable build provenance. Cloudsmith’s platform serves as an enterprise-grade package management and distribution system compatible with over 20 package formats (e.g., Python PyPI, JavaScript npm, Docker, Helm, Rust Cargo), enabling organizations to enforce consistent policies across heterogeneous development environments.
Source: www.tradingview.com
Compiled from international media by the SCI.AI editorial team.